
Backdoor.Win32.Poison.svi (system32\winxp.exe)


  • This topic is locked
3 replies to this topic

#1 Sawasdee

Sawasdee

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:48 PM

Posted 19 March 2009 - 01:26 AM

Hi guys!

I don't know how I've got that one!
I turned on the computer, and Kaspersky warned me with
C:\Windows\system32\winxp.exe
Backdoor.Win32.Poison.svi

Kaspersky didn't fix the problem after the disinfection process.

I tried with Malwarebytes, didn't fix it!

My hidden files stay hidden even if in the folder options I selected show hidden files.
My Hard Drive can only be accessed by Explore

So help again guys will be appreciated!

Thanks in advance!

Here's the log file:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Froggy at 2:15:15,75 on 2009-03-19
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.991.520 [GMT -4:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\winxp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Froggy\Bureau\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\fichiers communs\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CTFMON] c:\windows\system32\wscript.exe /e:vbs c:\windows\system32\winjpg.jpg
mRun: [svchst] c:\windows\system32\winxp.exe
mRun: [regdiit] c:\windows\system32\winxp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235694316328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235696924718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\froggy\applic~1\mozilla\firefox\profiles\q6ear0tb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-2-26 226832]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]

=============== Created Last 30 ================

2009-03-19 02:00 7,168 a------- c:\windows\system32\winxp.exe
2009-03-19 01:51 110 a--shr-- C:\autorun.inf
2009-03-19 01:46 161,792 a------- c:\windows\SWREG.exe
2009-03-19 01:46 98,816 a------- c:\windows\sed.exe
2009-03-19 01:30 <DIR> --d----- c:\windows\pss
2009-03-19 01:10 412 a------- c:\windows\system32\winxp
2009-03-19 00:59 49 a------- c:\windows\system32\2winxp
2009-03-18 22:42 43,500 a--shr-- C:\winfile.jpg
2009-03-18 22:42 43,500 a--shr-- c:\windows\system32\winjpg.jpg
2009-03-16 19:33 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-16 19:33 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 19:33 <DIR> --d----- c:\program files\iPod
2009-03-16 19:33 <DIR> --d----- c:\program files\iTunes
2009-03-16 19:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-16 19:33 <DIR> --d----- c:\program files\Bonjour
2009-03-16 19:32 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-16 19:32 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-16 19:32 <DIR> --d----- c:\program files\fichiers communs\Apple
2009-03-16 18:35 <DIR> --d----- c:\docume~1\froggy\applic~1\FLV Extract
2009-03-16 08:36 <DIR> --d----- c:\documents and settings\froggy\dwhelper
2009-03-15 10:10 <DIR> --d----- c:\program files\VideoLAN
2009-03-10 07:49 <DIR> --d-h--- c:\windows\PIF
2009-03-09 21:01 37,960 a------- c:\windows\hplj1010.hi1
2009-03-09 21:01 4,288 a------- c:\windows\hplj1010.bu1
2009-03-09 21:01 45,056 a------- c:\windows\NCUNINST.EXE
2009-03-09 21:00 11,813 a------- c:\windows\hplj1010.his
2009-03-09 21:00 2,209 a------- c:\windows\hplj1010.ini
2009-03-09 20:59 <DIR> --d----- c:\program files\fichiers communs\SWF Studio
2009-03-09 19:42 <DIR> --d----- c:\docume~1\froggy\applic~1\Malwarebytes
2009-03-09 19:42 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-09 19:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 19:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-09 19:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-09 18:19 69 a------- c:\windows\NeroDigital.ini
2009-03-08 21:57 <DIR> --d----- c:\program files\DVD Shrink
2009-03-08 21:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-03-08 21:27 <DIR> --d----- c:\program files\Nero
2009-03-08 21:11 1,414,440 a------- c:\windows\system32\ShellManager310E2D762.dll
2009-03-08 21:11 774,144 a------- c:\windows\system32\NEROINSTAEC43759.DB
2009-03-08 21:10 0 a------- c:\windows\Irremote.ini
2009-03-08 01:15 <DIR> --d----- c:\docume~1\froggy\applic~1\Canneverbe_Limited
2009-03-08 01:12 14,048 -------- c:\windows\system32\spmsg2.dll
2009-03-08 01:10 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-08 01:10 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-08 01:10 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-08 01:10 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-08 01:10 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-08 01:10 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-08 01:10 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-08 01:10 <DIR> --d----- C:\92430beca2ba8b1e6ddb9f
2009-03-08 01:10 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-07 22:14 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-03-07 22:14 <DIR> --d----- c:\program files\LSoft Technologies Inc
2009-03-07 22:01 <DIR> --d----- c:\windows\system32\appmgmt
2009-03-07 21:40 <DIR> --d----- c:\program files\fichiers communs\Ahead
2009-03-06 09:28 168,448 a------- c:\windows\system32\unrar.dll
2009-03-06 09:28 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-03-05 19:22 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-03-03 20:04 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-03 20:03 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-03-03 20:03 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-03-03 20:03 1,048,576 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-03 20:03 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-03-03 20:03 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-03 20:03 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-03-03 20:03 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-03-03 20:03 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-03-03 20:03 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-03-02 20:40 <DIR> --d----- c:\program files\fichiers communs\Adobe AIR
2009-03-02 20:36 <DIR> --d----- c:\program files\fichiers communs\Macrovision Shared
2009-03-02 20:21 <DIR> --d----- c:\program files\uTorrent
2009-03-02 20:21 <DIR> --d----- c:\docume~1\froggy\applic~1\uTorrent
2009-03-02 20:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-02 20:02 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-01 19:56 <DIR> --d----- c:\windows\SHELLNEW
2009-02-28 10:54 117,248 a------- c:\windows\system32\ribbons.scr
2009-02-28 10:24 773,120 a------- c:\windows\system32\bubbles.scr
2009-02-28 10:04 118,845 a------- c:\windows\system32\Flurry.scr
2009-02-28 09:21 499,712 a------- c:\windows\system32\MSVCP71.DLL
2009-02-28 09:21 348,160 a------- c:\windows\system32\MSVCR71.DLL
2009-02-26 23:45 219,648 a------- c:\windows\system32\uxtheme.backup
2009-02-26 21:20 <DIR> --d----- c:\documents and settings\froggy\Tracing
2009-02-26 21:19 <DIR> --d----- c:\program files\Microsoft
2009-02-26 21:19 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-26 21:16 <DIR> --d----- c:\program files\fichiers communs\Windows Live
2009-02-26 21:13 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-26 21:11 <DIR> --d----- c:\windows\system32\LogFiles
2009-02-26 20:53 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-02-26 20:53 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-02-26 20:44 <DIR> --d----- c:\windows\system32\fr-fr
2009-02-26 20:44 <DIR> --d----- c:\windows\l2schemas
2009-02-26 20:44 <DIR> --d----- c:\windows\system32\fr
2009-02-26 20:44 <DIR> --d----- c:\windows\system32\bits
2009-02-26 20:43 <DIR> --d----- c:\windows\ServicePackFiles
2009-02-26 20:42 <DIR> --d----- c:\windows\network diagnostic
2009-02-26 20:35 36,640 -c------ c:\windows\system32\dllcache\mplayer2.inf
2009-02-26 20:27 <DIR> --d----- c:\windows\system32\PreInstall
2009-02-26 20:27 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-02-26 20:27 <DIR> --d-h--- c:\windows\$hf_mig$
2009-02-26 20:25 35,864 a------- c:\windows\system32\wucltui.dll.mui
2009-02-26 20:25 27,672 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-02-26 20:25 27,672 a------- c:\windows\system32\wuapi.dll.mui
2009-02-26 20:25 19,992 a------- c:\windows\system32\wuaueng.dll.mui
2009-02-26 20:25 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-02-26 20:25 <DIR> --dsh--- c:\documents and settings\froggy\UserData
2009-02-26 20:13 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-02-26 20:13 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-02-26 20:13 1,842,208 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-26 20:13 409,632 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-02-26 20:13 15,472 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-26 20:13 2,480 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-02-26 20:13 <DIR> --d----- c:\program files\Kaspersky Lab
2009-02-26 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-02-26 20:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-02-26 20:12 88,960 a------- c:\windows\system32\drivers\MidiSyn.sys
2009-02-26 20:12 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-02-26 20:12 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-02-26 20:12 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-02-26 20:12 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-02-26 20:12 142,592 a------- c:\windows\system32\drivers\aec.sys
2009-02-26 20:12 172,416 a------- c:\windows\system32\drivers\kmixer.sys
2009-02-26 20:12 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-02-26 20:12 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-02-26 20:12 7,552 a------- c:\windows\system32\drivers\mskssrv.sys
2009-02-26 20:12 4,992 a------- c:\windows\system32\drivers\mspqm.sys
2009-02-26 20:11 <DIR> --d----- c:\program files\Analog Devices
2009-02-26 20:11 <DIR> --d----- c:\program files\SiS VGA Utilities V3.78
2009-02-26 20:10 <DIR> --d----- c:\windows\SiS
2009-02-26 20:10 139,264 a------- c:\windows\system32\IDEproperty.dll
2009-02-26 20:10 49,024 a------- c:\windows\system32\drivers\sisidex.sys
2009-02-26 20:10 9,472 a------- c:\windows\system32\drivers\sisperf.sys
2009-02-26 20:09 305,664 a------- c:\windows\IsUn040c.exe
2009-02-26 20:09 <DIR> --d----- c:\documents and settings\froggy\WINDOWS
2009-02-26 20:09 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-02-26 20:09 <DIR> --d----- c:\program files\sisagp
2009-02-26 20:09 <DIR> --d----- c:\program files\fichiers communs\InstallShield
2009-02-26 08:54 <DIR> --d-h--- c:\documents and settings\froggy\Voisinage réseau
2009-02-26 08:54 <DIR> --d-h--- c:\documents and settings\froggy\Voisinage d'impression
2009-02-26 08:54 <DIR> --d-h--- c:\documents and settings\froggy\Modèles
2009-02-26 08:54 <DIR> --d--r-- c:\documents and settings\froggy\Mes documents
2009-02-26 08:54 <DIR> --d--r-- c:\documents and settings\froggy\Menu Démarrer
2009-02-26 08:54 <DIR> --d--r-- c:\documents and settings\froggy\Favoris
2009-02-26 08:54 <DIR> --d----- c:\documents and settings\froggy\Bureau
2009-02-26 08:54 <DIR> --d----- c:\documents and settings\Froggy
2009-02-26 08:53 <DIR> --ds---- c:\windows\system32\Microsoft
2009-02-26 08:53 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-26 08:51 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2009-02-26 08:50 173,568 ac------ c:\windows\system32\dllcache\chtskf.dll
2009-02-26 08:49 23,392 a------- c:\windows\system32\nscompat.tlb
2009-02-26 08:49 16,832 a------- c:\windows\system32\amcompat.tlb
2009-02-26 08:49 316,640 a------- c:\windows\WMSysPr9.prx
2009-02-26 08:48 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-02-26 08:48 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-02-26 08:48 <DIR> --d----- c:\program files\Services en ligne
2009-02-26 08:47 <DIR> --d----- c:\program files\fichiers communs\MSSoap
2009-02-26 08:46 <DIR> --d----- c:\program files\Online Services
2009-02-26 08:45 <DIR> --d----- c:\program files\Messenger
2009-02-26 08:45 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-02-26 08:45 <DIR> --d----- c:\program files\Windows NT
2009-02-25 21:47 <DIR> --d----- c:\program files\fichiers communs\ODBC
2009-02-25 21:47 <DIR> --d----- c:\program files\fichiers communs\SpeechEngines
2009-02-25 21:46 <DIR> --d-h--- c:\documents and settings\all users\Modèles
2009-02-25 21:46 <DIR> --d--r-- c:\documents and settings\all users\Menu Démarrer
2009-02-25 21:46 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-02-25 21:46 <DIR> --d----- c:\documents and settings\all users\Favoris
2009-02-25 21:46 <DIR> --d----- c:\documents and settings\all users\Bureau

==================== Find3M ====================

2009-03-08 20:39 500,784 a------- c:\windows\system32\perfh00C.dat
2009-03-08 20:39 80,712 a------- c:\windows\system32\perfc00C.dat
2009-02-26 20:46 86,331 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-26 20:19 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-02-26 20:07 32,768 a------- c:\windows\system32\drivers\sisnicxp.sys
2009-02-26 20:07 4,096 a------- c:\windows\system32\drivers\siside.sys
2009-02-26 08:46 21,892 a------- c:\windows\system32\emptyregdb.dat
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2008-12-20 18:47 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 2:15:50,32 ===============
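A defender's triage pass over entries in the format of this DDS log, added here as an example (it is not part of the post and not a DDS feature). The sample lines and the rule names are constructed for the example; the checks cover the patterns visible in the log above: a script host forced onto a .jpg with /e:vbs, a [CTFMON] label that launches something other than ctfmon.exe, two Run values in the same hive launching one binary, and hidden+system files such as autorun.inf.

```python
import re
from collections import defaultdict
from typing import List, Tuple

# Constructed sample in the line formats of the DDS log above
# (hive-prefixed Run entries and "Created Last 30" file entries).
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [CTFMON] c:\windows\system32\wscript.exe /e:vbs c:\windows\system32\winjpg.jpg
mRun: [svchst] c:\windows\system32\winxp.exe
mRun: [regdiit] c:\windows\system32\winxp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
2009-03-19 02:00 7,168 a------- c:\windows\system32\winxp.exe
2009-03-19 01:51 110 a--shr-- C:\autorun.inf
2009-03-18 22:42 43,500 a--shr-- c:\windows\system32\winjpg.jpg
2009-03-16 19:33 107,368 a------- c:\windows\system32\GEARAspi.dll
"""

RUN_RE = re.compile(r"^([umd])Run:\s+\[([^\]]+)\]\s+(.*)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|<DIR>)\s+([a-z-]{8})\s+(.+)$")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Labels used by legitimate Windows components; a label that mimics one but
# points elsewhere is the pattern seen above ([CTFMON] -> wscript.exe).
KNOWN_LABELS = {"ctfmon": r"c:\windows\system32\ctfmon.exe"}


def split_command(cmd: str) -> Tuple[str, str]:
    """Return (lower-cased executable path, arguments) for a Run value."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end].lower(), cmd[end + 1:].strip()
    m = re.match(r"(.*?\.exe)\b(.*)$", cmd, re.IGNORECASE)  # unquoted path with spaces
    if m:
        return m.group(1).lower(), m.group(2).strip()
    head, _, rest = cmd.partition(" ")
    return head.lower(), rest


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) findings for entries that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    targets = defaultdict(list)                  # (hive, exe) -> labels launching it
    for line in log.splitlines():
        m = RUN_RE.match(line)
        if m:
            hive, label, cmd = m.groups()
            exe, args = split_command(cmd)
            base = exe.rsplit("\\", 1)[-1]
            targets[(hive, exe)].append(label)
            if base in SCRIPT_HOSTS and "/e:" in args.lower():
                findings.append(("script-host-engine-override", f"[{label}] {cmd}"))
            expected = KNOWN_LABELS.get(label.lower().removesuffix(".exe"))
            if expected and exe != expected:
                findings.append(("label-mimics-known-entry", f"[{label}] -> {exe}"))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.groups()             # e.g. "a--shr--": hidden + system + read-only
            if "h" in attrs and "s" in attrs and "d" not in attrs:
                findings.append(("hidden-system-file", path))
    for (hive, exe), labels in targets.items():
        if len(labels) > 1:
            findings.append(("same-hive-duplicate-target", f"{hive}Run {labels} -> {exe}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:30} {detail}")
```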



#2 Sawasdee

Sawasdee
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:48 PM

Posted 22 March 2009 - 11:56 AM

Didn't receive any help yet but anyways, I've been able to remove and fix everything!
Combofix, Malwarebytes
With these 2, after their scans, without rebooting it has fixed my Run and hidden files. So I deleted the winxp.exe and corrected the registry, and all done at next reboot!

Thanks anyways guys!

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:48 PM

Posted 27 March 2009 - 06:02 PM

Hello.

Glad you removed it, but from looking at your logs, that was a backdoor infection you had. You might wish to format and change all passwords etc... using a clean machine. Your computer was compromised. Glad you fixed it though, but I want to let you know about the infection you had.

I will now close this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:48 PM

Posted 27 March 2009 - 06:04 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy

